Architecting world class azure resource manager templates
•Télécharger en tant que PPTX, PDF•
1 j'aime•1,204 vues
This session will provide details on consumption scenarios, architecture, and implementation patterns identified during our design sessions and real-world template implementations with customers. Far from academic, these are proven practices informed by the development of ARM templates for 12 of the top Linux-based OSS technologies, including: Apache Kafka, Apache Spark, Cloudera, Couchbase, Hortonworks HDP, DataStax Enterprise powered by Apache Cassandra, Elasticsearch, Jenkins, MongoDB, Nagios, PostgreSQL, Redis, and Nagios. The majority of these templates were developed with a well-known vendor of a given distribution and influenced by the requirements of Microsoft’s enterprise and SI customers during recent projects.
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
En vedette
En vedette (20)
Similaire à Architecting world class azure resource manager templates
Similaire à Architecting world class azure resource manager templates (20)
Plus de Marc Mercuri
Plus de Marc Mercuri (7)
Dernier
Dernier (20)
Architecting world class azure resource manager templates
- 3. AZURE RESOURCE MANAGER API
- 5.
- 6. container for multiple resources resources exist in one* resource group resource groups can span regions resource groups can span services RESOURCE GROUP
- 7. You decide
- 8. tracks template execution created within a resource group allows nested deployments RESOURCE GROUP
- 15. { "apiVersion": "2015-05-01-preview", "type": "Microsoft.Compute/virtualMachines", "name": "[concat(parameters('vmNamePrefix'), copyindex())]", "location": "[parameters('location')]", "copy": { "name": "virtualMachineLoop", "count": "[parameters('numberOfInstances')]" }, "dependsOn": [ "[concat('Microsoft.Network/networkInterfaces/', 'nic', copyindex())]" ], "properties": { "hardwareProfile": { "vmSize": "[parameters('vmSize')]" }, "osProfile": { "computername": "[concat('vm', copyIndex())]", "adminUsername": "[parameters('adminUsername')]", "adminPassword": "[parameters('adminPassword')]" }, "storageProfile": { "osDisk": { "name": "[concat(parameters('vmNamePrefix'),'-osDisk',copyindex())]", "osType": "[parameters('osType')]", "caching": "ReadWrite", "image": { "uri": "[variables('userImageName')]" }, "vhd": { "uri": "[concat(variables('osDiskVhdContainer'),parameters('vmNamePrefix'),copyindex(),'osDisk. vhd')]" }
- 16. { "name": "cluster-nodes", "type": "Microsoft.Resources/deployments", "apiVersion": "2015-01-01", "dependsOn": [ "[concat('Microsoft.Resources/deployments/', 'shared')]" ], "properties": { "mode": "Incremental", "templateLink": { "uri": "[variables('clusterNodesTemplateUrl')]", "contentVersion": "1.0.0.0" },
- 17. Start App Service Plan End Auto Scale Setting Web Site Alert Rule App Insights MS Deploy PKG After App Service Plan Completes After Website Completes Once All Complete
- 18.
- 19. "networkSettings": { "vnetName": "[parameters('virtualNetworkName')]", "addressPrefix": "10.0.0.0/16", "subnets": { "dmz": { "name": "dmz", "prefix": "10.0.0.0/24", "vnet": "[parameters('virtualNetworkName')]" }, "data": { "name": "data", "prefix": "10.0.1.0/24", "vnet": "[parameters('virtualNetworkName')]" } "osSettings": { "imageReference": { "publisher": "Canonical", "offer": "UbuntuServer", "sku": "14.04.2-LTS", "version": "latest" } "tshirtSizeSmall": { "vmSize": "Standard_A1", "diskSize": 1023, "vmTemplate": "[concat(variables('templateBaseUrl'), 'database-2disk-resources.json')]", "vmCount": 2, "storage": { "name": "[parameters('storageAccountNamePrefix')]", "count": 1, "pool": "db", "map": [0,0], "jumpbox": 0 } }, "availabilitySetSettings": { "name": "pgsqlAvailabilitySet", "fdCount": 3, "udCount": 5 }
- 20. "outputs": { "masterip": { "value": "[reference(concat(variables('nicName'),0)).ipConfigurations[0].properties.privateIPAddress]", "type":"string" }} "masterIpAddress": { "value": "[reference('master-node').outputs.masterip.value]" } }
- 21. Name Value Description Location String The location where the resources will be deployed from a constrained list of Azure regions. storageAccountN amePrefix String Unique DNS name for the Storage Account where the VM’s disks will be placed virtualNetworkNa me String For deployments that create a new Virtual Network, the name to use for creating that resource. For deployments that use an existing Virtual Network, the name of the VNet to deploy into. username String User name for the virtual machine(s) and potentially the application(s). More than one user name can be requested from the end user, but at least one must be prompted. password String Password for the virtual machine(s) and potentially the application(s). More than one password can be requested from the end user for different VMs or applications, but at least one must be prompted. tshirtSize String The named scale unit size to provision from a constrained list of offered t-shirt sizes. For example, “Small”, “Medium”, “Large” enableJumpbox String Parameter that identifies whether to enable a jumpbox for the environment. Values: “enabled”, “disabled”
- 22.
- 32.
- 35.
- 36.
- 37. Two Key Concepts Role Definitions • describes the set of permissions (e.g. read actions) • can be used in multiple assignments Role Assignments • associate role definitions with an identity (e.g. user/group) at a scope (e.g. resource group) • always inherited – subscription assignments apply to all resources
- 39. subscription level – grants permissions to all resources in the sub resource group level – grants permissions to all resources in the group resource level – grants permissions to the specific resource
- 45. { "apiVersion": "2015-05-01-preview", "type": "Microsoft.Network/networkSecurityGroups", "name": "[parameters('FENSGName')]", "location": "[parameters('location')]", "properties": { "securityRules": [ { "name": "rdp_rule", "properties": { "description": "Allow RDP", "protocol": "Tcp", "sourcePortRange": "*", "destinationPortRange": "3389", "sourceAddressPrefix": "Internet", "destinationAddressPrefix": "*", "access": "Allow", "priority": 100, "direction": "Inbound" } }, { "name": "web_rule", "properties": { "description": "Allow WEB", "protocol": "Tcp", "sourcePortRange": "*", "destinationPortRange": "80", "sourceAddressPrefix": "Internet", "destinationAddressPrefix": "*", "access": "Allow", "priority": 101, "direction": "Inbound" } } ] } } { "apiVersion": "2015-05-01-preview", "type": "Microsoft.Network/networkSecurityGroups", "name": "[parameters('AppNSGName')]", "location": "[parameters('location')]", "properties": { "securityRules": [{ "name": "Allow_FE", "properties": { "description": "Allow FE Subnet", "protocol": "Tcp", "sourcePortRange": "*", "destinationPortRange": "443", "sourceAddressPrefix": "10.0.0.0/24", "destinationAddressPrefix": "*", "access": "Allow", "priority": 100, "direction": "Inbound" } }, { "name": "Block_RDP_Internet", "properties": { "description": "Block RDP", "protocol": "tcp", "sourcePortRange": "*", "destinationPortRange": "3389", "sourceAddressPrefix": "Internet", "destinationAddressPrefix": "*", "access": "Deny", "priority": 101, "direction": "Inbound" } }, { "name": "Block_Internet_Outbound", "properties": { "description": "Block Internet", "protocol": "*", "sourcePortRange": "*",
- 46.
- 47.
- 48.
- 49.
- 50.
- 52. 52
- 53.
- 55. Getting Started Azure Resource Manager Overview Using Windows PowerShell with Resource Manager Using the Azure Cross-Platform Command-Line Interface with the Resource Manager Using the Azure Portal to manage your Azure resources Creating and Deploying Applications Authoring Azure Resource Manager Templates Deploy an application with Azure Resource Manager template Troubleshooting Resource Group Deployments in Azure Azure Resource Manager Template Functions Advanced Template Operations Organizing Resources Using tags to organize your Azure resources Managing and Auditing Access Managing and Auditing Access to Resources Authenticating a Service Principal with Azure Resource Manager Create a new Azure Service Principal using the Azure classic portal